IMPORTANT NOTES (PLEASE READ!):

• These are NOT products. They are for testing and demonstration purposes only.
• They have NOT been reviewed or audited. Do NOT use for sensitive data.
• All functionality demonstrated is experimental.
• These are NOT meant to replace robust solutions like VeraCrypt, Simplexchat, Signal, Whatsapp, wetransfer. It's a proof-of-concept to show what's possible with browser APIs.
• Cyber security is full of caveats, so reach out for clarity on any details if they can't be found in the docs.

Aiming to create the worlds most secure messaging app.

https://positive-intentions.com/docs/projects/chat

• Open Source
• Cross Platform
  • PWA
  • iOS, Android, Desktop (self compile)
  • App store, Play store (coming soon)
  • Desktop
    • Windows, MacOS, Linux (self compile)
    • Run index.html on any modern #browser
• Decentralized
• Secure
  • No Cookies
  • P2P E2EE encrypted
  • Forward secrecy
  • No registration
  • No installing
• Messaging
  • Group Messaging (coming soon)
  • Text Messaging
  • Multimedia Messaging
  • Screensharing (on desktop browsers)
  • Offline Messaging (in research phase)
  • File Transfer
  • Video Calls
• Data Ownership
  • SelfHosted
  • GitHub pages Hosting
  • Local-only storage

For more information on "how it works", check out: https://positive-intentions.com/blog/decentralised-architecture

(Degoogled links to the apps)

• P2P Chat: https://chat.positive-intentions.com/
• P2P File: https://file.positive-intentions.com/
• Encrypted drive storage: https://dim.positive-intentions.com/?path=%2Fstory%2Fusefs--encrypted-demo

More:

• GitHub: https://github.com/positive-intentions
• Mastodon: https://infosec.exchange/@xoron
• Reddit: https://www.reddit.com/r/positive_intentions

I'll be self-hosting a service with user submissions soon, so I'm worried about the https://howto.geoblockthe.uk/ situation.

Based on this I've wondered, are there any community maintained geo block lists that might be useful? All database options I found are either 1. an on-demand online service which seems questionable for privacy reasons, or 2. IPv4 only, or 3. have weird terms of use with a gag clause regarding the entire company making it and other weird stuff.

I'm not a fan of geo blocking in general, but the situation is what it is.

PS: Please don't discuss the Online Safety Act itself too much in the comments, or whether somebody should be using a geo ip to handle this. While I might appreciate useful input on that, I'm hoping this post can remain a resource for those who are looking for such a database for other reasons as well.

Homebox v0.21.0 released!

Homebox is proud to announce the release of version v0.21.0!

But first, what is Homebox?

Homebox is the inventory and organization system built for the Home User! With a focus on simplicity and ease of use. Homebox is the perfect solution for your home inventory, organization, and management needs.

About the update

We have officially released v0.21.0 and at the same time are making progress towards v1 (stable). This release covers a range of new features and bug fixes, including:

• Add product fetching using barcodes
• Support listening on unix sockets and systemd sockets
• Add plugin to set image sizes in Markdown
• Add support for postgres certificate authentication
• Hardened Docker images now available!
• Use aspect ratio when making thumbnails
• Fixes to Windows attachment paths
• Fix photo display issue when adding additional attachments to items
• ... And much more!

You can see a full list of changes here: Changelog

What about V1..?

Great news! We're making some solid progress towards a v1 release, and have documented our roadmap update here: Homebox v1 Roadmap: Update

Important Note
Our new -hardened suffixed docker images are experimental, and may have bugs not normally encountered in other docker builds.

Follow the Homebox journey

• On Discord: https://discord.homebox.software/
• On the web: https://homebox.software/
• On Github: https://git.homebox.software/
• Demo: https://demo.homebox.software/
• Translate Homebox: https://translate.sysadminsmedia.com/

After a lot of work, and a lot of trying, I couldn’t find FOSS software that properly syncs my family’s photos in the background (tried Immich, still not good enough despite the new beta timeline, kinda worked in 1.136, got kinda broken on 1.138, tried Nextcloud, but still haven’t gotten new photos to sync in the background. Ente is waaaay too complicated, with waaaay too many moving parts that can break). Given all of this, I gotta choose some prebuilt nas that can properly sync. I don’t like synology but apparently their background sync is ok. What about Qnap and Ugreen? Are they ok?

I'm a professional DevOps worker, and I recently got back into building my own services in the cloud, and I discovered Oracle Cloud Free Tier. It is full of goodies I couldn't resist, especially since my own personal server at home had gone down. In my quest to ensure that I spend absolutely no time in a terminal, I came across this other application called Cosmo Cloud that works a lot like CasaOS. It's got some bells and whistles, though, that CasaOS is missing like a secure reverse proxy complete with an application shield to prevent malicious attacks, central user management through the use of OpenID, multiple URLs can be locked down to individual users, and Cosmo offers a lot of flexibility when it comes to adding containers to your server.

Since it took me a couple of days to build a server, I thought I would write it down in a guide so I wouldn't forget it, and it's occurred to me that other people might appreciate some instructions on how to get all this configured securely.

This guide includes using cloudflare tunnels as the way to expose internet services as it adds another layer of protection between your server and the internet.

I've reviewed it pretty thoroughly but I probably wrote something down wrong or maybe I mistyped something. If you have any questions or need any help getting things configured, reach out to me and I'll do what I can.

This option works but sucks as a code editor.

Hey everyone, I'm currently trying to run Jellyfin with Tailscale using docker compose and a reverse proxy through Caddy. I'm using this guide to do this. After configuring the yaml, I tried to start things up and Tailscale and Jellyfin started, but Caddy wouldn't start and it gave the following error:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/root/Jellyfin/jellyfin-tailscale/caddy/conf/Caddyfile" to rootfs at "/etc/caddy/Caddyfile": create mountpoint for /etc/caddy/Caddyfile mount: cannot create subdirectories in "/var/lib/docker/overlay2/325e35ec5a4c8d8bac5d7576e2deeb4b8365af027486e232ad78b458708b639b/merged/etc/caddy/Caddyfile": not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

I checked the Caddy Image information here, and modified the yaml to mount the Caddyfile directory instead.

New code looks like this ~/Jellyfin/jellyfin-tailscale/caddy/conf:/etc/caddy

Now when I restart the services with Docker Compose, all three start, however Caddy (and therefore Jellyfin) won't run, they continually try restarting. By looking at it with docker logs caddy, I see that it throws out this error over and over:

Error: reading config from file: read /etc/caddy/Caddyfile: is a directory

I've inspected both the Caddyfile in /etc/caddy and in ~/Jellyfin/jellyfin-tailscale/caddy/conf using file Caddyfile, and both say they're Caddyfile: ASCII text.

What am I missing and how do I fix it?

EDIT: Forgot to put in links

Of course, after than, whatever you've just plugged into it, will most likely not work

502 Bad Gateway
504 Gateway Timeout
X-Forwarded-For

The solution is probably somewhere deep in the bowels of whatever you're trying to make work

It will look obvious once you've figured out, that's why it wasn't mentioned next to the bunch of instruction you pasted into your console to install the thing

Just another day walking in the forest of papercuts

TL;DR demo

Hi all !

I would like to showcase Gosuki: a multi-browser cloudless bookmark manager with multi-device sync capability, that I have been writing on and off for the past few years. It aggregates your bookmarks in real time across all browsers/profiles and external APIs such as Reddit and Github.

Features

• A single binary with no dependencies or browser extensions necessary. It just work right out of the box.
• Multi-browser: Detects which browsers you have installed and watch changes across all of them including profiles.
• Use the universal ctrl+d shortcut to add bookmarks and call custom commands.
• Tag with #hashtags even if your browser does not support it. You can even add tags in the Title. If you are used to organize your bookmarks in folders, they become tags
• Real time tracking of bookmark changes
• Multi-device automated p2p synchronization
• Builtin, local Web UI which also works without Javascript (w3m friendly)
• Cli command (suki) for a dmenu/rofi compatible query of bookmarks
• Modular and extensible: Run custom scripts and actions per tags and folders when particular bookmarks are detected
• Stores bookmarks on a portable on disk sqlite database. No cloud involved.
• Database compatible with the Buku. You can use any program that was made for buku.
• Can fetch bookmarks from external APIs (eg. Reddit posts, Github stars).
• Easily extensible to handle any browser or API
• Open source with an AGPLv3 license

Rationale

I was always annoyed by the existing bookmark management solutions and wanted a tool that just works without relying on browser extensions, self-hosted servers or cloud services. As a developer and Linux user I also find myself using multiple browsers simultaneously depending on the needs so I needed something that works with any browser and can handle multiple profiles per browser.

The few solutions that exist require manual management of bookmarks. Gosuki automatically catches any new bookmark in real time so no need to manually export and synchronize your bookmarks. It allows a tag based bookmarking experience even if the native browser does not support tags. You just hit ctrl+d and write your tags in the title.

I'm in the process of setting up homelab stuff and i've been doing some reading. It seems the consensus is to put everything behind a reverse proxy and use a vpn or cloudflare tunnel.

I plan to use a VPN for accessing my internal network from outside and to protect less battle tested foss software. But I feel like if I cant open a port to the internet to host a webserver then the internet is no longer a free place and we're cooked.

So my question is, Can I expose webserver, SSH, WireGuard to the internet with reasonable safety? What precautions and common mistakes do I need to watchout for.

The team behind Maybe just released version v0.6.0, and with it announced a major shift: the project is officially moving away from open-source development and pivoting to a B2B-focused model.

From now on, Maybe will focus on enterprise-grade data analysis and scenario planning tools for businesses. As a result, there will be no further updates, maintenance, or community support

This marks the end of Maybe as a public, code-based personal finance tool.

If you’ve been using it personally, v0.6.0 is the final release. You can keep using it as-is, but don’t expect updates.

Hello

Note that I am only interested in the technical details and I already have alternative for remote access.

As you may know Plex made some changes recently and remote access became a paid feature.

At first I thought that only people using plex.tv who will be impacted as they are using their relay feature. But I was surprised that accessing the server by its public IP is considered as a remote access (it make sense though).

So I thought that putting Plex behind a reverse proxy in the same network will solve the issue. Plex will see a local connection from the reverse proxy and treat it as a direct access. But still Plex detect that as a remote access. I even tweaked the host and headers passed by reverse proxy with no success.

Plex even consider accessing the server using a local domain as a remote access.

So I tested tailscale, I ran it on the server and tried to access Plex using the assigned IP but my access is considered a remote access. Now I ran tailscale on the client and accessing Plex from it is considered a direct access.

At first I thought Plex was checking the url but it doesn't seem to be the case.

Can someone explain me how does Plex detect remote vs local access?

Hey y’all, I know getting a setup that feels “right” can be a process. We all have different goals, tech preferences, etc.

I wanted to a share my blog post walking through how I finally built a setup that I can just be happy with and use. It goes over my goals, requirements, tech choices, layout, and some specific problems I’ve resolved.

Where I’ve landed of course isn’t where everyone else will, but I hope it can serve as a good reference. I’ve really benefited from the content and software folks have freely shared, and hope I can continue that and help others.

Happy to answer questions!

A new open-source Single Sign-On (SSO) provider designed to simplify user and access management.

Features:

• 🙋‍♂️ User Management
• 🌐 OpenID Connect (OIDC) Provider
• 🔀 Proxy ForwardAuth Domains
• 📧 User Registration and Invitations
• 🔑 Passkey Support
• 🔐 Secure Password Reset with Email Verification
• 🎨 Custom Branding Options

Screenshot of the login portal:

I struggled quite a while to install HomeAssistant on the new Truenas Scale Incus system because there are no good guides for it. So here is one.

💾 STEP 1: Create a ZVOL

I gave mine 50GB. Minimum needed is 32GB.

Scroll down and save.

cd /tmp
wget https://github.com/home-assistant/operating-system/releases/download/15.2/haos_ova-15.2.qcow2.xz
unxz haos_ova-15.2.qcow2.xz

sudo qemu-img convert -p -O raw haos_ova-15.2.qcow2 /dev/zvol/NAS/HomeAssistant

So, I had to shutdown my mini pc home server (on NIXOS) so that it could be used for something else. Most of my data is in a pair of external hdds in a RAID configuration. However the Postgres database was in the boot drive. I still have it, but it refuses to boot anywhere else (tried some old spare laptops). How can I recover it?

Homebox v0.20.0 released!

Homebox is proud to announce the release of version v0.20.0!

But first, what is Homebox?

Homebox is the inventory and organization system built for the Home User! With a focus on simplicity and ease of use. Homebox is the perfect solution for your home inventory, organization, and management needs.

About the update

We have officially released v0.20.0 and at the same time are making progress towards v1 (stable). This release covers a range of new features and bug fixes, including:

• Fix untranslated strings
• Printable label improvements
• Move passwords to use Argon2ID
• UI improvements
• Add page title for label and location pages
• Thumbnails
• Fixes for our VS Devcontainer
• ... And much more!

You can see a full list of changes here: Changelog

What about V1..?

Great news! We're making some solid progress towards a v1 release, and have documented our roadmap update here: Homebox v1 Roadmap: Update

Important Note

If you have a custom data path specified for attachments please read the updated documentation to ensure that attachments still work.

Follow the Homebox journey

• On Discord: https://discord.homebox.software/
• On the web: https://homebox.software/
• On Github: https://git.homebox.software/
• Demo: https://demo.homebox.software/

Translate Homebox: https://translate.sysadminsmedia.com/

cross-posted from: https://lemmy.ml/post/31718711

Always wanted to selfhost your Fediverse instance but were always worried about system administration trauma?

Do you ever have to run around your flat, picking up all the leftover parentheses from yesterday's party with your hosting coop coworkers?

Then you are probably the right person, check out this post about fearless Bonfire hosting on a Guix System. You'll learn that taking care of a community is much more manageable when you let computer do the boring work for you.

Set up HTTPS, automatic backups, automatic nightly upgrades and join the awesome Bonfire community without a single worry on losing data from your instance.

cross-posted from: https://lemmy.ml/post/31250679

"this morning, as I was finishing up work on a video about a new mini Pi cluster, I got a cheerful email from YouTube saying my video on LibreELEC on the Pi 5 was removed because it promoted:

Dangerous or Harmful Content Content that describes how to get unauthorized or free access to audio or audiovisual content, software, subscription services, or games that usually require payment isn't allowed on YouTube.

I never described any of that stuff, only how to self-host your own media library.

This wasn't my first rodeo—in October last year, I got a strike for showing people how to install Jellyfin!

In that case, I was happy to see my appeal granted within an hour of the strike being placed on the channel. (Nevermind the fact the video had been live for over two years at that point, with nary a problem!)

So I thought, this case will be similar:

• The video's been up for over a year, without issue
• The video's had over half a million views
• The video doesn't promote or highlight any tools used to circumvent copyright, get around paid subscriptions, or reproduce any content illegally

Slam-dunk, right? Well, not according to whomever reviewed my appeal. Apparently self-hosted open source media library management is harmful.

Who knew open source software could be so subversive?"